Depending on the type of malware on your device, its performance could suffer, your personal information could be stolen, or intruders could gain access to your accounts. Those are just some of the potential consequences.

Svpeng is one type of malware that combined ransomware with payment-card theft. For Russian users (whom Svpeng was originally created to target), it presented a screen asking for credit card details every time the user went to Google Play, and then sent those details to the cybercriminal gang that created it.

For people in the US and UK it would present itself as the FBI, locking down the infected device for supposedly having child pornography on it. The user would then have to pay a ‘fine’ in order to have the device released.

Svpeng also checked to see if a banking app was installed, though it is unclear what it did with that information.

Apps Installing Without Your Consent

Do you have any apps that let you open links inside them without having to go to your browser app? The component that renders the page for you in that situation is called WebView – and if you are one of the 950 million people who are running Android 4.3 Jelly Bean or lower, you need to know about this vulnerability.

While browsing in WebView, you’re vulnerable to a Universal Cross-Site Scripting (UXSS) attack. This means that if you happen to click on a malicious link, an attacker can execute any malicious code he or she wants through JavaScript – completely bypassing the security mechanisms that usually protect you. The attacker can use this vulnerability to automatically install any app they want onto your device.

Your Phone Is Off… Right?

Android/PowerOffHijack is malware that hijacks the shutdown process of your device so that it appears to be off, but remains functional. That way it can secretly make calls, take pictures, and more – all without you having a clue.

Unlike the first type of malware discussed in this article, Android/PowerOffHijack affects Android 5.0 and higher, and requires root access to work.

As of February 18th, about 10,000 devices were infected. So, do you need to worry? Unless you download apps from Chinese app stores, you’re probably safe from this threat, at least.

Innocent Apps Hiding Dormant Malware

In February we learned that certain Android apps were giving their users more than they bargained for. A patience/solitaire game, an IQ test, and a history app all sound innocent enough, don’t they? And you would never suspect they had a problem if they behaved as intended for a month before doing anything dubious, would you? However, each of these apps, which were downloaded more than five million times, had code in them that would trigger popups that, if clicked on, would lead to fake webpages, run illicit processes, or start unwanted app installs and downloads.

Filip Chytry of Avast Antivirus sheds light on the clue that tells you if you have this kind of malware:

Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie.

Google has suspended these apps from the Google Play Store, so as long as you don’t download them from another source, you’ll be okay.

Malware for Sextortion

Cybercriminals in South Korea have created fake social media profiles of attractive women to lure people into cybersex, and then blackmail them by threatening to release a video of it on YouTube.

Here’s where the malware comes in. The perpetrators now pretend to be having audio problems with the chosen software (like Skype) and persuade their victim to download a chat app of their preference. In truth, the chat app steals the victim’s contacts and sends them to the blackmailer. The criminal uses the contact information to extort money more effectively by threatening to share the video with the victim’s close friends and family.

Android Installer Hijacking Vulnerability

Nearly 50% of all Android devices are exposed to a vulnerability called “Android Installer Hijacking”. Put simply, when you go to download a legitimate app, the installer can be hijacked, allowing an app you didn’t want to be installed in its place. This happens in the background while you are reviewing the permissions of the app you want to install, either by setting up the benign app to install malware later, or by masking the true permissions it requires.

According to Palo Alto Networks, which discovered this vulnerability, if you have an affected device, the best way to avoid inadvertently downloading malware is to install apps only from the Google Play Store.
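
A swap during the permission review is a time-of-check to time-of-use problem, and the general safeguard is to install only the exact bytes that were reviewed. The Python sketch below is an added illustration, not code from Android or from Palo Alto Networks. It assumes the downloaded package sits where another app can overwrite it while the permission screen is open, and the file name and package contents are constructed.

```python
import hashlib
import os
import tempfile


class PackageChangedError(Exception):
    """The bytes about to be installed are not the bytes that were reviewed."""


def review(path):
    """Time of check: the permission screen is built from this file.
    Return the SHA-256 of exactly what was shown to the user."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def install(path, pinned_digest):
    """Time of use: read the file once, hash those same bytes, and refuse
    to continue if they differ from what was reviewed."""
    with open(path, "rb") as f:
        data = f.read()
    if hashlib.sha256(data).hexdigest() != pinned_digest:
        raise PackageChangedError("package changed after permission review")
    return data  # only these verified bytes go on to the installer


def demo():
    """Constructed scenario: the file is overwritten between review and install."""
    wanted, other = b"CONSTRUCTED-WANTED-APP", b"CONSTRUCTED-OTHER-APP"
    with tempfile.TemporaryDirectory() as d:
        apk = os.path.join(d, "wanted.apk")  # hypothetical file name
        with open(apk, "wb") as f:
            f.write(wanted)
        pinned = review(apk)
        untouched_ok = install(apk, pinned) == wanted
        with open(apk, "wb") as f:  # stands in for another app replacing the file
            f.write(other)
        try:
            install(apk, pinned)
            swap_blocked = False
        except PackageChangedError:
            swap_blocked = True
    return {"untouched_ok": untouched_ok, "swap_blocked": swap_blocked}


if __name__ == "__main__":
    print(demo())
```

Note that install() hashes the same bytes it returns, rather than hashing the file and then opening it again, so the check itself leaves no second gap for a replacement.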

Is Malware a Big Deal?

The Motive Security Labs malware report – H2 2014, which looked at all popular mobile device platforms, found that Android devices have caught up with Windows laptops in terms of malware attack numbers, with infection rates between Android and Windows devices split 50/50.

“An average of 0.03% of smartphones per week—out of tens of millions of mobile devices on the Verizon network—were infected with “higher-grade” malicious code.”

Verizon considers most of the malware infecting Android devices to be trivial “adnoyance-ware” or other types that waste resources but don’t cause significantly more harm. Think that means we don’t need to worry about malware on our mobile devices? Not at all.

We are not saying that we can ignore mobile devices; far from it. Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now.

Staying Safe

When you hear that 97% of the mobile malware out there is on Android (as reported by F-Secure), it certainly sounds like Android must be insecure for that to be the case. Just remember that as long as you stick to apps from the official Google Play Store, you are unlikely to encounter any of the dangerous malware out there. As we’ve shown here, malware lives and thrives in unofficial app stores, which are largely unregulated.